Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/01 20:15:12 UTC
[1/3] airavata git commit: AIRAVATA-2402 changes needed to be able to
run MigrationManager
Repository: airavata
Updated Branches:
refs/heads/develop 64ea7eebd -> bd526ade0
AIRAVATA-2402 changes needed to be able to run MigrationManager
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/c076a56b
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/c076a56b
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/c076a56b
Branch: refs/heads/develop
Commit: c076a56bb9b06e72489244d58fa39bf35c9b3201
Parents: 64ea7ee
Author: Marcus Christie <ma...@apache.org>
Authored: Wed May 31 15:56:50 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed May 31 15:56:50 2017 -0400
----------------------------------------------------------------------
.../org/apache/airavata/MigrationManager.java | 4 ++-
.../UserProfileAiravataThriftClient.java | 8 ++---
.../airavata/Wso2IdentityServerClient.java | 38 ++++++++++++++++----
3 files changed, 36 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/c076a56b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
index ba52de4..85353ce 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
@@ -36,6 +36,8 @@ public class MigrationManager {
private ArrayList<Wso2ISLoginCredentialsDAO> adminCredentials = new ArrayList<Wso2ISLoginCredentialsDAO>();
private static AuthzToken authzToken = new AuthzToken("empy_token");
+ private String profileServiceServerHost = "localhost";
+ private int profileServiceServerPort = 8962;
/*Add the credentials for all the tenants from which the profile should be migrated to Airavata DB*/
public void setISLoginCredentials(){
@@ -107,7 +109,7 @@ public class MigrationManager {
private boolean migrateUserProfilesToAiravata(List<UserProfileDAO> ISProfileList) throws TException, ApplicationSettingsException {
System.out.println("Initiating migration to Airavata internal DB ...");
UserProfileAiravataThriftClient objFactory = new UserProfileAiravataThriftClient();
- UserProfileService.Client client = objFactory.getUserProfileServiceClient();
+ UserProfileService.Client client = objFactory.getUserProfileServiceClient(profileServiceServerHost, profileServiceServerPort);
UserProfile airavataUserProfile = new UserProfile();
// Here are the data associations...
for(UserProfileDAO ISProfile : ISProfileList){
http://git-wip-us.apache.org/repos/asf/airavata/blob/c076a56b/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileAiravataThriftClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileAiravataThriftClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileAiravataThriftClient.java
index 56f2235..3bea905 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileAiravataThriftClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileAiravataThriftClient.java
@@ -20,7 +20,6 @@
package org.apache.airavata;
import org.apache.airavata.common.exception.ApplicationSettingsException;
-import org.apache.airavata.common.utils.ServerSettings;
import org.apache.airavata.service.profile.client.ProfileServiceClientFactory;
import org.apache.airavata.service.profile.user.cpi.UserProfileService;
import org.apache.airavata.service.profile.user.cpi.exception.UserProfileServiceException;
@@ -28,14 +27,11 @@ import org.apache.thrift.TException;
public class UserProfileAiravataThriftClient {
- public UserProfileService.Client getUserProfileServiceClient() throws TException, ApplicationSettingsException {
- // Check the server ports before running migration
- final int serverPort = Integer.parseInt(ServerSettings.getUserProfileServerPort());
- final String serverHost = ServerSettings.getUserProfileServerHost();
+ public UserProfileService.Client getUserProfileServiceClient(String serverHost, int serverPort) throws TException, ApplicationSettingsException {
try {
return ProfileServiceClientFactory.createUserProfileServiceClient(serverHost, serverPort);
} catch (UserProfileServiceException e) {
- throw new TException("Unable to create registry client...", e);
+ throw new TException("Unable to create user profile service client...", e);
}
}
}
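Review bot: The `throws` clause on the new `getUserProfileServiceClient(String serverHost, int serverPort)` still lists `ApplicationSettingsException`, but with the `ServerSettings` lookups removed nothing visible in the body can raise it any more. If `ProfileServiceClientFactory.createUserProfileServiceClient` does not declare it either, drop it from the signature (and the then-unused import) so callers such as `migrateUserProfilesToAiravata` do not have to propagate an exception that cannot occur. A short Javadoc saying that host and port identify the profile service's Thrift endpoint would also help, since they no longer come from configuration.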
http://git-wip-us.apache.org/repos/asf/airavata/blob/c076a56b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
index 48a6857..138b816 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/Wso2IdentityServerClient.java
@@ -27,7 +27,13 @@ import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.transport.http.HttpTransportProperties;
import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import java.io.File;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
/*
*
@@ -68,11 +74,11 @@ public class Wso2IdentityServerClient {
* because the private key and certificate file are not committed to GitHub,
* which are needed to run the client */
- String trustStore = System.getProperty("user.dir") + File.separator +
- "modules" + File.separator + "user-profile-migration" + File.separator +
- "src" + File.separator + "main" + File.separator +
- "resources" + File.separator + "wso2carbon.jks";
- System.out.println("file path : " + trustStore);
+// String trustStore = System.getProperty("user.dir") + File.separator +
+// "modules" + File.separator + "user-profile-migration" + File.separator +
+// "src" + File.separator + "main" + File.separator +
+// "resources" + File.separator + "wso2carbon.jks";
+// System.out.println("file path : " + trustStore);
/**
* Call to https://localhost:9443/services/ uses HTTPS protocol.
@@ -81,10 +87,28 @@ public class Wso2IdentityServerClient {
* Following code sets what trust-store to look for and its JKs password.
*/
- System.setProperty("javax.net.ssl.trustStore", trustStore );
+// System.setProperty("javax.net.ssl.trustStore", trustStore );
- System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
+// System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
+ // idp.scigap.org:9443 certificate has expired, so the following disables checking the certificate
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}
+ public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType){}
+ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType){}
+ }
+ };
+
+ try {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ SSLContext.setDefault(sc);
+ } catch (KeyManagementException e) {
+ throw new RuntimeException(e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
/**
* Axis2 configuration context
*/
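Review bot: The `X509TrustManager` added here accepts any certificate, and `SSLContext.setDefault(sc)` installs it for every HTTPS connection the JVM makes afterwards, not only for idp.scigap.org:9443. The admin credentials this client presumably sends to the identity server are then exposed to anyone able to intercept the connection, and any other HTTPS client in the same process that relies on the default context loses validation too. If the expired certificate has to be tolerated for the migration, pin it: accept only a locally stored copy of that exact certificate (`pinnedIdpCert` below, loaded by the operator from a file) and, if the Axis2 stub allows it, give the context to that transport alone instead of making it the JVM default. Also request `"TLS"` rather than `"SSL"`, return an empty array instead of `null` from `getAcceptedIssuers`, and delete the commented-out trust-store lines and the apparently unused `HttpsURLConnection` import rather than leaving them in the file.

```java
TrustManager[] pinnedTrust = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[0];
        }
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            throw new java.security.cert.CertificateException("client certificates are not accepted");
        }
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            // Tolerate the expired certificate only when it is exactly the pinned one.
            if (certs == null || certs.length == 0 || !pinnedIdpCert.equals(certs[0])) {
                throw new java.security.cert.CertificateException("unexpected server certificate");
            }
        }
    }
};
// … unchanged: try/catch for KeyManagementException and NoSuchAlgorithmException, without SSLContext.setDefault(sc) …
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, pinnedTrust, new java.security.SecureRandom());
```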
[3/3] airavata git commit: AIRAVATA-2402 Migrate user roles to
Keycloak
Posted by ma...@apache.org.
AIRAVATA-2402 Migrate user roles to Keycloak
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/bd526ade
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/bd526ade
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/bd526ade
Branch: refs/heads/develop
Commit: bd526ade0ac87f9b3673cebd1e029761ee018a57
Parents: 020ecae
Author: Marcus Christie <ma...@apache.org>
Authored: Thu Jun 1 16:13:10 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Thu Jun 1 16:13:10 2017 -0400
----------------------------------------------------------------------
.../airavata/KeycloakIdentityServerClient.java | 76 ++++++++++++++++++--
.../org/apache/airavata/MigrationManager.java | 46 +++++++++---
.../org/apache/airavata/UserProfileDAO.java | 9 +++
3 files changed, 119 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/bd526ade/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
index cd55487..ed1bb8a 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakIdentityServerClient.java
@@ -21,28 +21,79 @@ package org.apache.airavata;
*
*/
+import org.apache.airavata.common.utils.ServerSettings;
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
+import javax.management.relation.Role;
import javax.ws.rs.core.Response;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
public class KeycloakIdentityServerClient {
private Keycloak client;
- public KeycloakIdentityServerClient(String adminUrl, String realm, String adminUserName, String adminUserPassword) {
- this.client = Keycloak.getInstance(
+ public KeycloakIdentityServerClient(String adminUrl, String realm, String adminUserName, String adminUserPassword, String trustStorePath, String trustStorePassword) {
+ KeyStore trustKeyStore = loadKeyStore(trustStorePath, trustStorePassword);
+ this.client = getClient(
adminUrl,
realm, // the realm to log in to
adminUserName, adminUserPassword, // the user
- "admin-cli"); // admin-cli is the client ID used for keycloak admin operations.
+ "admin-cli", // admin-cli is the client ID used for keycloak admin operations.
+ trustKeyStore);
}
+ private Keycloak getClient(String adminUrl, String realm, String adminUserName, String adminUserPassword, String clientId, KeyStore trustKeyStore) {
- boolean migrateUserStore(List<UserProfileDAO> userProfiles, String targetRealm, String tempPassword){
+ ResteasyClient resteasyClient = new ResteasyClientBuilder()
+ .connectionPoolSize(10)
+ .trustStore(trustKeyStore)
+ .build();
+ return KeycloakBuilder.builder()
+ .serverUrl(adminUrl)
+ .realm(realm)
+ .username(adminUserName)
+ .password(adminUserPassword)
+ .clientId(clientId)
+ .resteasyClient(resteasyClient)
+ .build();
+ }
+
+ private KeyStore loadKeyStore(String trustStorePath, String trustStorePassword) {
+
+ FileInputStream fis = null;
+ try {
+ fis = new java.io.FileInputStream(trustStorePath);
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(fis, trustStorePassword.toCharArray());
+ return ks;
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to load trust store KeyStore instance", e);
+ } finally {
+ if (fis != null) {
+ try {
+ fis.close();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to close trust store FileInputStream", e);
+ }
+ }
+ }
+ }
+
+ boolean migrateUserStore(List<UserProfileDAO> userProfiles, String targetRealm, String tempPassword, Map<String,String> roleConversionMap){
+
+ Map<String, RoleRepresentation> allRealmRoles = getRealmRoleNameMap(targetRealm);
for(UserProfileDAO userProfile : userProfiles){
UserRepresentation user = new UserRepresentation();
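Review bot: In `loadKeyStore`, a failure of `fis.close()` inside `finally` throws a new `RuntimeException` that replaces whatever exception the `try` block was already propagating, so the real cause of a trust store problem can be lost. A try-with-resources block closes the stream and keeps the original failure as the primary exception. The added `import javax.management.relation.Role;` looks unrelated to Keycloak roles and is not used in the lines shown, so it can probably be removed. The hunk ends inside `migrateUserStore`, whose body continues outside it.

```java
private KeyStore loadKeyStore(String trustStorePath, String trustStorePassword) {
    try (FileInputStream fis = new FileInputStream(trustStorePath)) {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(fis, trustStorePassword.toCharArray());
        return ks;
    } catch (Exception e) {
        throw new RuntimeException("Failed to load trust store KeyStore instance", e);
    }
}
```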
@@ -63,6 +114,17 @@ public class KeycloakIdentityServerClient {
user.getEmail(),
0,1);
UserResource retirievedUser = this.client.realm(targetRealm).users().get(retrieveCreatedUserList.get(0).getId());
+
+ // Add user to realm roles
+ List<RoleRepresentation> userRealmRoles = userProfile.getRoles().stream()
+ .filter(r -> roleConversionMap.containsKey(r))
+ // Convert from IS role name to Keycloak role name
+ .map(r -> roleConversionMap.get(r))
+ // Convert from Keycloak role name to RoleRepresentation
+ .map(r -> allRealmRoles.get(r))
+ .collect(Collectors.toList());
+ retirievedUser.roles().realmLevel().add(userRealmRoles);
+
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(tempPassword);
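Review bot: The list passed to `realmLevel().add(userRealmRoles)` can contain `null` entries, because `allRealmRoles.get(r)` returns `null` whenever the mapped name has no matching role in the target realm and nothing filters that out before `collect`. Add `.filter(r -> r != null)` after the last `map`, and consider logging the skipped name so a missing realm role is noticed instead of silently dropped. `userProfile.getRoles()` is also only populated when the role claim comes back for a user, so it may be `null` here; initialising the field in `UserProfileDAO` to an empty list, or guarding before `.stream()`, would avoid a `NullPointerException` part-way through the migration. This code sits inside the loop of `migrateUserStore`, which starts and ends outside the hunk.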
@@ -74,4 +136,10 @@ public class KeycloakIdentityServerClient {
return true;
}
+ private Map<String,RoleRepresentation> getRealmRoleNameMap(String targetRealm) {
+ return this.client.realm(targetRealm).roles().list()
+ .stream()
+ .collect(Collectors.toMap(r -> r.getName(), r -> r));
+ }
+
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/bd526ade/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
index 85353ce..2cfbe59 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/MigrationManager.java
@@ -21,6 +21,7 @@ package org.apache.airavata;
import org.apache.airavata.common.exception.ApplicationSettingsException;
import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.model.user.Status;
import org.apache.airavata.model.user.UserProfile;
import org.apache.airavata.service.profile.user.cpi.UserProfileService;
import org.apache.thrift.TException;
@@ -29,8 +30,8 @@ import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub;
import org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceUserStoreExceptionException;
import java.rmi.RemoteException;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.*;
+import java.util.stream.Collectors;
public class MigrationManager {
@@ -38,10 +39,21 @@ public class MigrationManager {
private static AuthzToken authzToken = new AuthzToken("empy_token");
private String profileServiceServerHost = "localhost";
private int profileServiceServerPort = 8962;
+ private Map<String,String> roleConversionMap = createDefaultRoleConversionMap();
+
+ private Map<String,String> createDefaultRoleConversionMap() {
+ Map<String,String> roleConversionMap = new HashMap<>();
+ roleConversionMap.put("admin", "admin");
+ roleConversionMap.put("admin-read-only", "admin-read-only");
+ roleConversionMap.put("gateway-user", "gateway-user");
+ roleConversionMap.put("user-pending", "user-pending");
+ roleConversionMap.put("gateway-provider", "gateway-provider");
+ return roleConversionMap;
+ }
/*Add the credentials for all the tenants from which the profile should be migrated to Airavata DB*/
public void setISLoginCredentials(){
- adminCredentials.add(new Wso2ISLoginCredentialsDAO("prod.seagrid","username","password"));
+ adminCredentials.add(new Wso2ISLoginCredentialsDAO("gateway-id","username","password"));
// new credential records here...
}
@@ -55,7 +67,7 @@ public class MigrationManager {
System.out.println("Fetching User Profiles for " + creds.getGateway() + " tenant ...");
try {
userList = isClient.getUserList("http://wso2.org/claims/givenname", "*", "default");
- System.out.println("FirstName\tLastName\tEmail\t\t\tuserName\tCountry\tOrganization\tphone");
+ System.out.println("FirstName\tLastName\tEmail\t\t\tuserName\tCountry\tOrganization\tphone\tRoles");
String[] claims = {"http://wso2.org/claims/givenname",
"http://wso2.org/claims/lastname",
"http://wso2.org/claims/emailaddress",
@@ -63,7 +75,8 @@ public class MigrationManager {
"http://wso2.org/claims/organization",
"http://wso2.org/claims/mobile",
"http://wso2.org/claims/telephone",
- "http://wso2.org/claims/streetaddress"};
+ "http://wso2.org/claims/streetaddress",
+ "http://wso2.org/claims/role"};
for (String user : userList) {
UserProfileDAO userProfile = new UserProfileDAO();
ClaimValue[] retrievedClaimValues = isClient.getUserClaimValuesForClaims(user, claims, null);
@@ -83,12 +96,14 @@ public class MigrationManager {
phones.add(claim.getValue());
} else if(claim.getClaimURI().equals(claims[7])){
userProfile.setAddress(claim.getValue());
+ } else if(claim.getClaimURI().equals(claims[8])){
+ userProfile.setRoles(convertCommaSeparatedRolesToList(claim.getValue()));
}
}
userProfile.setUserName(user);
userProfile.setGatewayID(creds.getGateway());
userProfile.setPhones(phones);
- System.out.println(userProfile.getFirstName()+"\t"+userProfile.getLastName()+"\t"+userProfile.getUserName()+"\t"+userProfile.getEmail()+"\t"+userProfile.getCountry()+"\t"+userProfile.getOrganization() + userProfile.getAddress());
+ System.out.println(userProfile.getFirstName()+"\t"+userProfile.getLastName()+"\t"+userProfile.getUserName()+"\t"+userProfile.getEmail()+"\t"+userProfile.getCountry()+"\t"+userProfile.getOrganization() + "\t" + userProfile.getAddress() + "\t" + userProfile.getRoles());
userProfileList.add(userProfile);
}
} catch (RemoteException e) {
@@ -105,6 +120,14 @@ public class MigrationManager {
return userProfileList;
}
+ private List<String> convertCommaSeparatedRolesToList(String roles) {
+
+ return Arrays.stream(roles.split(","))
+ .filter(s -> !"Internal/everyone".equals(s))
+ .filter(s -> !"Internal/identity".equals(s))
+ .collect(Collectors.toList());
+ }
+
/* Method used to migrate User profiles to Airavata DB by making a call to User profile thrift Service */
private boolean migrateUserProfilesToAiravata(List<UserProfileDAO> ISProfileList) throws TException, ApplicationSettingsException {
System.out.println("Initiating migration to Airavata internal DB ...");
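Review bot: `convertCommaSeparatedRolesToList` compares the raw pieces of `roles.split(",")`, so a value such as `admin, Internal/everyone` (a constructed example with a space after the comma) would keep ` Internal/everyone`, and any padded role name would later miss its `roleConversionMap` entry; an empty claim value yields a list holding one empty string. Insert `.map(String::trim).filter(s -> !s.isEmpty())` before the two exclusion filters. A null claim value would throw here as well, so a guard such as `if (roles == null) return new ArrayList<>();` is worth adding.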
@@ -113,6 +136,7 @@ public class MigrationManager {
UserProfile airavataUserProfile = new UserProfile();
// Here are the data associations...
for(UserProfileDAO ISProfile : ISProfileList){
+ airavataUserProfile.setAiravataInternalUserId(ISProfile.getUserName() + "@" + ISProfile.getGatewayID());
airavataUserProfile.setFirstName(ISProfile.getFirstName());
airavataUserProfile.setLastName(ISProfile.getLastName());
airavataUserProfile.setUserId(ISProfile.getUserName());
@@ -123,6 +147,10 @@ public class MigrationManager {
airavataUserProfile.setHomeOrganization(ISProfile.getOrganization());
airavataUserProfile.setPhones(ISProfile.getPhones());
airavataUserProfile.setCountry(ISProfile.getCountry());
+ airavataUserProfile.setCreationTime(new Date().getTime());
+ airavataUserProfile.setLastAccessTime(new Date().getTime());
+ airavataUserProfile.setValidUntil(-1);
+ airavataUserProfile.setState(Status.ACTIVE);
//TODO: fix authtzToken, for now we are using empty token
client.addUserProfile(authzToken, airavataUserProfile);
}
@@ -133,8 +161,10 @@ public class MigrationManager {
KeycloakIdentityServerClient client = new KeycloakIdentityServerClient("https://iam.scigap.org/auth",
"master",
"SuperRealmUsername",
- "MasterRealmPassword");
- client.migrateUserStore(Wso2ISProfileList,"keycloakTargetRealm","tempPassword");
+ "MasterRealmPassword",
+ "trustStorePath",
+ "trustStorePassword");
+ client.migrateUserStore(Wso2ISProfileList,"keycloakTargetRealm","tempPassword", roleConversionMap);
}
public static void main(String[] args) {
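Review bot: The Keycloak master-realm admin password, the trust store password and the temporary user password are all passed as string literals in this call, next to the WSO2 tenant credentials in `setISLoginCredentials`, so running the tool means editing real secrets into a tracked source file. Read them from the environment, a properties file kept outside the repository, or a console prompt instead, e.g. `System.getenv("KEYCLOAK_ADMIN_PASSWORD")` (a constructed variable name), and fail with a clear message when one is missing. The same applies to `masterAdminPassword` in `KeycloakTenantCreationManager`. Giving every migrated user the same `tempPassword` also deserves a comment on how the forced reset is enforced, which is not visible in this hunk. The enclosing method starts outside the hunk.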
http://git-wip-us.apache.org/repos/asf/airavata/blob/bd526ade/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileDAO.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileDAO.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileDAO.java
index cb000cf..12571b2 100644
--- a/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileDAO.java
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/UserProfileDAO.java
@@ -32,6 +32,7 @@ public class UserProfileDAO {
private List<String> Phones;
private String gatewayID;
private String address;
+ private List<String> roles;
public String getAddress() {
return address;
@@ -115,4 +116,12 @@ public class UserProfileDAO {
public void setEmail(String email) {
this.email = email;
}
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public void setRoles(List<String> roles) {
+ this.roles = roles;
+ }
}
[2/3] airavata git commit: AIRAVATA-2402 For testing migration,
code to recreate a tenant
Posted by ma...@apache.org.
AIRAVATA-2402 For testing migration, code to recreate a tenant
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/020ecaeb
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/020ecaeb
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/020ecaeb
Branch: refs/heads/develop
Commit: 020ecaeb6a2ebbcd8557a7d952ec2efdd8523410
Parents: c076a56
Author: Marcus Christie <ma...@apache.org>
Authored: Wed May 31 17:16:56 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed May 31 17:16:56 2017 -0400
----------------------------------------------------------------------
.../client/ProfileServiceClientFactory.java | 15 ++++
.../airavata/KeycloakTenantCreationManager.java | 92 ++++++++++++++++++++
2 files changed, 107 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/020ecaeb/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/client/ProfileServiceClientFactory.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/client/ProfileServiceClientFactory.java b/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/client/ProfileServiceClientFactory.java
index 8a74d25..f41bc77 100644
--- a/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/client/ProfileServiceClientFactory.java
+++ b/airavata-services/profile-service/profile-service-stubs/src/main/java/org/apache/airavata/service/profile/client/ProfileServiceClientFactory.java
@@ -20,6 +20,9 @@
*/
package org.apache.airavata.service.profile.client;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.iam_admin_services_cpiConstants;
import org.apache.airavata.service.profile.tenant.cpi.TenantProfileService;
import org.apache.airavata.service.profile.tenant.cpi.exception.TenantProfileServiceException;
import org.apache.airavata.service.profile.tenant.cpi.profile_tenant_cpiConstants;
@@ -60,4 +63,16 @@ public class ProfileServiceClientFactory {
throw new TenantProfileServiceException(e.getMessage());
}
}
+
+ public static IamAdminServices.Client createIamAdminServiceClient(String serverHost, int serverPort) throws IamAdminServicesException {
+ try {
+ TTransport transport = new TSocket(serverHost, serverPort);
+ transport.open();
+ TProtocol protocol = new TBinaryProtocol(transport);
+ TMultiplexedProtocol multiplexedProtocol = new TMultiplexedProtocol(protocol, iam_admin_services_cpiConstants.IAM_ADMIN_SERVICES_CPI_NAME);
+ return new IamAdminServices.Client(multiplexedProtocol);
+ } catch (TTransportException e) {
+ throw new IamAdminServicesException(e.getMessage());
+ }
+ }
}
\ No newline at end of file
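Review bot: `createIamAdminServiceClient` opens a plain `TSocket`, and the caller added in this commit sends a `PasswordCredential` holding the master admin password through it, so the password crosses the network unencrypted whenever `serverHost` is not the local machine. Either document that this client is for loopback use only or build the transport with Thrift's `TSSLTransportFactory`. `throw new IamAdminServicesException(e.getMessage())` also drops the `TTransportException` as cause; that mirrors the neighbouring factory method, but attaching the cause would keep the stack trace. Nothing closes the opened transport if the caller discards the client, which is worth a sentence in the method's Javadoc.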
http://git-wip-us.apache.org/repos/asf/airavata/blob/020ecaeb/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakTenantCreationManager.java
----------------------------------------------------------------------
diff --git a/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakTenantCreationManager.java b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakTenantCreationManager.java
new file mode 100644
index 0000000..b166a27
--- /dev/null
+++ b/modules/user-profile-migration/src/main/java/org/apache/airavata/KeycloakTenantCreationManager.java
@@ -0,0 +1,92 @@
+package org.apache.airavata;
+
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+import org.apache.airavata.model.credential.store.PasswordCredential;
+import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.model.workspace.Gateway;
+import org.apache.airavata.model.workspace.GatewayApprovalStatus;
+import org.apache.airavata.service.profile.client.ProfileServiceClientFactory;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.IamAdminServices;
+import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.apache.thrift.TException;
+
+public class KeycloakTenantCreationManager {
+
+ private String profileServiceServerHost = "localhost";
+ private int profileServiceServerPort = 8962;
+ private String masterAdminUsername = "admin";
+ private String masterAdminPassword = "password";
+
+ private IamAdminServices.Client iamAdminServiceClient = null;
+
+ public void createTenant(Gateway gateway) {
+ PasswordCredential passwordCredential = getPasswordCredential();
+ try {
+ // TODO: replace with real authz token?
+ getIamAdminServiceClient().setUpGateway(new AuthzToken("empty"), gateway, passwordCredential);
+ } catch (TException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private IamAdminServices.Client getIamAdminServiceClient() {
+ if (iamAdminServiceClient == null) {
+ try {
+ iamAdminServiceClient = ProfileServiceClientFactory.createIamAdminServiceClient(this.profileServiceServerHost, this.profileServiceServerPort);
+ } catch (IamAdminServicesException e) {
+ throw new RuntimeException(e);
+ }
+ }
+ return iamAdminServiceClient;
+ }
+
+ private PasswordCredential getPasswordCredential() {
+ PasswordCredential passwordCredential = new PasswordCredential();
+ passwordCredential.setGatewayId("dummy");
+ passwordCredential.setPortalUserName("dummy");
+ passwordCredential.setLoginUserName(masterAdminUsername);
+ passwordCredential.setPassword(masterAdminPassword);
+ return passwordCredential;
+ }
+
+ public static void main(String[] args) {
+
+ // Configuration ...
+ KeycloakTenantCreationManager keycloakTenantCreationManager = new KeycloakTenantCreationManager();
+ keycloakTenantCreationManager.masterAdminUsername = "";
+ keycloakTenantCreationManager.masterAdminPassword = "";
+ keycloakTenantCreationManager.profileServiceServerHost = "";
+
+ Gateway gateway = new Gateway();
+ gateway.setGatewayId("");
+ gateway.setGatewayApprovalStatus(GatewayApprovalStatus.CREATED);
+ gateway.setGatewayName("");
+ gateway.setIdentityServerUserName("");
+ gateway.setGatewayAdminFirstName("");
+ gateway.setGatewayAdminLastName("");
+ gateway.setGatewayAdminEmail("");
+ gateway.setGatewayURL("");
+
+ keycloakTenantCreationManager.createTenant(gateway);
+ }
+}
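Review bot: `main` ships with every setting as an empty string and `createTenant` performs no check, so running the class unedited attempts a connection to host `""` and, if one succeeded, would submit a gateway with blank identifiers. Add a fail-fast check at the top of `createTenant`, for example `if (gateway.getGatewayId() == null || gateway.getGatewayId().isEmpty()) throw new IllegalArgumentException("gatewayId is required");`. A class comment stating that this is test tooling which creates a real tenant using the master admin account would make the intended use clear.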